Security tools/links/tips/writeups

Java Serialization

• https://github.com/frohoff/ysoserial

XXE

• https://www.acunetix.com/blog/articles/band-xml-external-entity-oob-xxe/ XXE OOB Payload
• https://resources.infosecinstitute.com/finding-and-exploiting-xxe-xml-external-entities-injection/

Recon

• https://github.com/xmendez/wfuzz
• https://github.com/aboul3la/Sublist3r
• https://github.com/guelfoweb/knock

Meta

• https://github.com/swisskyrepo/PayloadsAllTheThings

Nice exploits

• http://shiflett.org/blog/2006/addslashes-versus-mysql-real-escape-string

Others

• https://github.com/JohnHammond/ctf-katana Great tips/helpers for CTFs
• https://webhook.site Allows you to easily test webhooks and other types of HTTP requests
• https://appsecwiki.com/#/
• https://medium.com/@20matan/hacker101-challenges-writeup-65bdad15e438 hacker101 challegnes writeup